#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#Copyright (c) 2016 YLWS-4617
#This shell program is used to help users us ssr-bash in the easiest way.
#Please obey the original license in this project file! thank you.
######Check Root######
[ $(id -u) != "0" ] && { echo "${CFAILURE}Error: You must be root to run this script${CEND}"; exit 1; }
######Check Root######

function preparevars(){
	if [[ !(-f /usr/local/SSR-Bash/vars/method) ]]; then
		mkdir -p /usr/local/SSR-Bash/vars/
		echo "chacha20" > /usr/local/SSR-Bash/vars/method
	fi

	if [[ !(-f /usr/local/SSR-Bash/vars/protocol) ]]; then
		echo "auth_sha1" > /usr/local/SSR-Bash/vars/protocol
	fi

	if [[ !(-f /usr/local/SSR-Bash/vars/obfs) ]]; then
		echo "http_simple" > /usr/local/SSR-Bash/vars/obfs
	fi
	
	if [[ !(-f /usr/local/SSR-Bash/vars/protocol_param) ]]; then
		echo "0" > /usr/local/SSR-Bash/vars/protocol_param
	fi
	
	method=$(cat /usr/local/SSR-Bash/vars/method)
	protocol=$(cat /usr/local/SSR-Bash/vars/protocol)
	obfs=$(cat /usr/local/SSR-Bash/vars/obfs)
	protocol_param=$(cat /usr/local/SSR-Bash/vars/protocol_param)
	
	
}

function echomethods(){
	echo '1.chacha20'
	echo '2.aes-128-cfb'
	echo '3.aes-256-cfb'
	echo '4.salsa20'
	echo '5.rc4-md5'
}

function echoprotocols(){
	echo '1.origin'
	echo '2.auth_simple'
	echo '3.auth_sha1'
	echo '4.auth_sha1_v4'
	echo '5.auth_aes128_md5'
	echo '6.auth_aes128_sha1'
	echo '7.verify_sha1'
	echo '8.verify_deflate'
}

function echoobfs(){
	echo '1.plain'
	echo '2.http_simple'
	echo '3.http_post'
	echo '4.tls1.2_ticket_auth'

}

function echocopyright(){
	echo '欢迎来到SSR-Bash管理程序！Author: 雨落无声'
	echo ''
	echo -e "当前加密方式：\033[33m${method}\033[0m"
	echo -e "当前协议：\033[33m${protocol}\033[0m"
	echo -e "当前混淆：\033[33m${obfs}\033[0m"
	echo ''
	echo "请输入序号来选择功能："
}


function showchoice(){
	echo '1.服务管理'
	echo '2.用户管理'
	echo '3.流量控制'
	echo '4.实验性功能'
	echo ''
}

function serverchoice(){
	echo '1.启动服务'
	echo '2.停止服务'
	echo '3.重启服务'
	echo '4.服务状态'
	echo '5.修改加密、协议、混淆方式'
	echo '6.修改 DNS'
	echo '7.修改最大设备数限制'
	echo '8.启动服务（Debug模式）'
	echo ''
}


function userchoice(){
	echo '1.添加用户'
	echo '2.删除用户'
	echo '3.修改用户密码'
	echo '4.显示用户密码信息'
	echo '5.显示所有用户密码信息'
	echo '6.批量添加用户（测试）'
}

function bandchoice(){
	echo '1.显示用户流量信息'
	echo '2.显示所有用户流量信息'
	echo '3.修改用户流量限制'
	echo '4.修改所有用户流量限制'
	echo '5.清零用户流量使用量'
	echo '6.清零所有用户流量使用量'
	echo '7.显示已添加的iptables规则'
	echo '8.一键封禁BT下载，垃圾邮件功能'
	echo ''
}
function upgradechoice(){
	echo '警告：此功能不适合新手使用，请勿乱动！'
	echo '1.升级 SSR-Bash'
	echo '2.升级 ShadowsocksR'
	echo '3.切换到特定版本'	
	echo '4.备份配置文件'
	echo '5.还原配置文件'
	echo ''
}


#Main
clear
preparevars
echocopyright
showchoice

while :; do echo

	read -p "请选择： " choice

	if [[ ! $choice =~ ^[1-4]$ ]]; then
		echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
	else
		break	
	fi
done

if [[ $choice == 1 ]];then

	serverchoice

	while :; do echo
		read -p "请选择： " schoice
		if [[ ! $schoice =~ ^[1-8]$ ]]; then
			echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
		else
			break	
		fi
	done

	if [[ $schoice == 1 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh start
	fi

	if [[ $schoice == 2 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh stop
	fi

	if [[ $schoice == 3 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh restart >> /dev/null 2>&1
		echo 'SSR与sscounter已重启'
	fi

	if [[ $schoice == 4 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh status
	fi
	if [[ $schoice == 5 ]];then
		preparevars
		echomethods

		while :; do echo
			read -p "请选择新的加密方式： " methodchoice
			if [[ ! $methodchoice =~ ^[1-5]$ ]]; then
				echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
			else
				break
			fi
		done

		if [[ $methodchoice == 1 ]];then
			rm -rf /usr/local/SSR-Bash/vars/method
			echo "chacha20" > /usr/local/SSR-Bash/vars/method
			sed -i "s/${method}/chacha20/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $methodchoice == 2 ]];then
			rm -rf /usr/local/SSR-Bash/vars/method
			echo "aes-128-cfb" > /usr/local/SSR-Bash/vars/method
			sed -i "s/${method}/aes-128-cfb/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $methodchoice == 3 ]];then
			rm -rf /usr/local/SSR-Bash/vars/method
			echo "aes-256-cfb" > /usr/local/SSR-Bash/vars/method
			sed -i "s/${method}/aes-256-cfb/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $methodchoice == 4 ]];then
			rm -rf /usr/local/SSR-Bash/vars/method
			echo "salsa20" > /usr/local/SSR-Bash/vars/method
			sed -i "s/${method}/salsa20/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $methodchoice == 5 ]];then
			rm -rf /usr/local/SSR-Bash/vars/method
			echo "rc4-md5" > /usr/local/SSR-Bash/vars/method
			sed -i "s/${method}/rc4-md5/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		echoprotocols

		while :; do echo
			read -p "请选择新的协议： " protocolchoice
			if [[ ! $protocolchoice =~ ^[1-8]$ ]]; then
				echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
			else
				break
			fi
		done




		if [[ $protocolchoice == 1 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "origin" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/origin/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $protocolchoice == 2 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "auth_simple" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/auth_simple/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $protocolchoice == 3 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "auth_sha1_v2" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/auth_sha1/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $protocolchoice == 4 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "auth_sha1_v4" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/auth_sha1_v4/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $protocolchoice == 5 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "auth_aes128_md5" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/auth_aes128_md5/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $protocolchoice == 6 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "auth_aes128_sha1" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/auth_aes128_sha1/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $protocolchoice == 7 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "verify_sha1" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/verify_sha1/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $protocolchoice == 8 ]];then
			rm -rf /usr/local/SSR-Bash/vars/protocol
			echo "verify_deflate" > /usr/local/SSR-Bash/vars/protocol
			sed -i "s/${protocol}/verify_deflate/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		echoobfs

		while :; do echo
			read -p "请选择新的混淆： " obfschoice
			if [[ ! $obfschoice =~ ^[1-4]$ ]]; then
				echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
			else
				break
			fi
		done


		if [[ $obfschoice == 1 ]];then
			rm -rf /usr/local/SSR-Bash/vars/obfs
			echo "plain" > /usr/local/SSR-Bash/vars/obfs
			sed -i "s/${obfs}/plain/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $obfschoice == 2 ]];then
			rm -rf /usr/local/SSR-Bash/vars/obfs
			echo "http_simple" > /usr/local/SSR-Bash/vars/obfs
			sed -i "s/${obfs}/http_simple/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $obfschoice == 3 ]];then
			rm -rf /usr/local/SSR-Bash/vars/obfs
			echo "http_post" > /usr/local/SSR-Bash/vars/obfs
			sed -i "s/${obfs}/http_post/g" /usr/local/SSR-Bash/ssmlt.template
		fi

		if [[ $obfschoice == 4 ]];then
			rm -rf /usr/local/SSR-Bash/vars/obfs
			echo "tls1.2_ticket_auth" > /usr/local/SSR-Bash/vars/obfs
			sed -i "s/${obfs}/tls1.2_ticket_auth/g" /usr/local/SSR-Bash/ssmlt.template
		fi
		
		if [[ $protocolchoice == 1 ]];then
			echo -e "\033[41;37m 警告：\033[0m协议使用origin将无法限制设备连接数，但不影响正常使用"
		fi
		bash /usr/local/SSR-Bash/ssadmin.sh restart >> /dev/null 2>&1
		echo ''
		echo '修改成功！服务器已重启！'
		preparevars
		echo "当前加密方式：${method}"
		echo "当前协议：${protocol}"
		echo "当前混淆：${obfs}"

	fi
	
	if [[ $schoice == 6 ]];then
		read -p "输入主要 DNS 服务器: " ifdns1
		read -p "输入次要 DNS 服务器: " ifdns2
		echo "nameserver $ifdns1" > /etc/resolv.conf
		echo "nameserver $ifdns2" >> /etc/resolv.conf
		echo "DNS 服务器已设置为  $ifdns1 $ifdns2"
	fi
	
	if [[ $schoice == 7 ]];then
		if [[ $protocol == origin ]];then
			echo '当前协议为origin，无法使用此功能！'
		else
			if [[ $protocol_param == 0 ]]; then
				echo "当前每个端口可接入的设备数无限制"
			else
				echo "当前每个端口可接入设备数最大为 $protocol_param"
			fi
			while :; do echo
				read -p "请输入新的设备数量限制(填写0表示不限制设备数量): " devicenum
				if [[ $devicenum == *[!0-9]* ]]; then
					echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
				else
					break
				fi
			done
			rm -rf /usr/local/SSR-Bash/vars/protocol_param
			echo "$devicenum">/usr/local/SSR-Bash/vars/protocol_param
			sed -i "s/\"protocol_param\": \"$protocol_param\",/\"protocol_param\": \"$devicenum\",/g" /usr/local/SSR-Bash/ssmlt.template
			bash /usr/local/SSR-Bash/ssadmin.sh restart >> /dev/null 2>&1
			echo 'SSR服务器已重启'
			if [[ $devicenum == 0 ]]; then
				echo "当前每个端口最多可同时接入无限台设备"
			else
				echo "当前每个端口最多可同时接入$devicenum台设备"
			fi

		fi
	fi
	
	if [[ $schoice == 8 ]];then
		echo -e "\033[41;37m 进入Debug模式，方便查找错误信息。退出请按 Ctrl + C \033[0m"
		bash /usr/local/SSR-Bash/ssadmin.sh stop >> /dev/null 2>&1
		python /usr/local/shadowsocks/shadowsocks/server.py
		echo ''
		echo -e "\033[41;37m Debug模式已停止，请手动启动服务 \033[0m"
	fi
fi



if [[ $choice == 2 ]];then
	userchoice
	while :; do echo
		read -p "请选择： " uchoice
		if [[ ! $uchoice =~ ^[1-6]$ ]]; then
			echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
		else
			break
		fi
	done

	if [[ $uchoice == 1 ]];then
		read -p "请输入新用户端口： " newport
		read -p "请输入新用户端口的密码： " newpassword
		read -p "请输入新用户流量限制（例如 10G, 500M）： " newlimit
		bash /usr/local/SSR-Bash/ssadmin.sh add $newport $newpassword $newlimit >> /dev/null 2>&1
		ip=`curl -m 10 -s http://members.3322.org/dyndns/getip`
		SSRprotocol=$protocol
		SSRobfs=$obfs
		SSRPWDbase64=`echo -n "${newpassword}" | base64`
		SSRbase64=`echo -n "${ip}:${newport}:${SSRprotocol}:${method}:${SSRobfs}:${SSRPWDbase64}" | base64 | sed ':a;N;s/\n/ /g;ta' | sed 's/ //g'`
		SSRurl="ssr://"${SSRbase64}
		SSRQRcode="http://pan.baidu.com/share/qrcode?w=300&h=300&url="${SSRurl}
		echo "端口为 $newport 密码为 $newpassword 流量限制为 $newlimit 的用户已添加成功！"
		echo ''
		echo -e "服务器IP: \033[41;37m${ip}\033[0m"
		echo -e "用户端口: \033[41;37m${newport}\033[0m"
		echo -e "密码: \033[41;37m${newpassword}\033[0m"
		echo -e "加密： \033[41;37m${method}\033[0m"
		echo -e "协议： \033[41;37m${protocol}\033[0m"
		echo -e "混淆： \033[41;37m${obfs}\033[0m"
		echo ''
		echo 'SSR链接:'
		echo -e "\033[41;37m$SSRurl\033[0m"
		echo ''
		echo 'SSR二维码地址：'
		echo -e "\033[41;37m$SSRQRcode\033[0m"
		echo ''
	fi

	if [[ $uchoice == 2 ]];then
		read -p "请输入要删除的用户端口： " delport
		bash /usr/local/SSR-Bash/ssadmin.sh del $delport
		echo "端口为 $delport 的用户删除成功！"
	fi

	if [[ $uchoice == 3 ]];then
		read -p "请输入要修改密码的用户的端口： " cport
		read -p "请输入新密码： " cpassword
		bash /usr/local/SSR-Bash/ssadmin.sh cpw $cport $cpassword
		
		
		
		ip=`curl -m 10 -s http://members.3322.org/dyndns/getip`
		SSRprotocol=$protocol
		SSRobfs=$obfs
		SSRPWDbase64=`echo -n "${cpassword}" | base64`
		SSRbase64=`echo -n "${ip}:${cport}:${SSRprotocol}:${method}:${SSRobfs}:${SSRPWDbase64}" | base64 | sed ':a;N;s/\n/ /g;ta' | sed 's/ //g'`
		SSRurl="ssr://"${SSRbase64}
		SSRQRcode="http://pan.baidu.com/share/qrcode?w=300&h=300&url="${SSRurl}
		echo "端口为 $cport 的用户密码已成功更改为 $cpassword"
		echo ''
		echo -e "服务器IP: \033[41;37m${ip}\033[0m"
		echo -e "用户端口: \033[41;37m${cport}\033[0m"
		echo -e "密码: \033[41;37m${cpassword}\033[0m"
		echo -e "加密： \033[41;37m${method}\033[0m"
		echo -e "协议： \033[41;37m${protocol}\033[0m"
		echo -e "混淆： \033[41;37m${obfs}\033[0m"
		echo ''
		echo 'SSR链接:'
		echo -e "\033[41;37m$SSRurl\033[0m"
		echo ''
		echo 'SSR二维码地址：'
		echo -e "\033[41;37m$SSRQRcode\033[0m"
		echo ''
	fi

	if [[ $uchoice == 4 ]];then
		read -p "请输入要查看密码的用户端口： " showport
		bash /usr/local/SSR-Bash/ssadmin.sh showpw $showport
	fi

	if [[ $uchoice == 5 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh showpw
	fi
	
	if [[ $uchoice == 6 ]];then
	read -p "请输入起始端口： " startport
	read -p "请输入新用户端口的密码： " newpassword
	read -p "请输入新用户流量限制（例如 10G, 500M）： " newlimit
	read -p "请输入添加用户数量： " usernum
	bash /usr/local/SSR-Bash/ssadmin.sh addmore $startport $newpassword $newlimit $usernum >> /dev/null 2>&1
	echo ''
	echo "起始端口为 $startport ，数量为$usernum，密码为 $newpassword 流量限制为 $newlimit 的用户已添加成功！"
	fi
fi


if [[ $choice == 3 ]];then

	bandchoice

	while :; do echo
		read -p "请选择： " bchoice
		if [[ ! $bchoice =~ ^[1-8]$ ]]; then
			echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
		else
			break
		fi
	done

	if [[ $bchoice == 1 ]];then
		read -p "请输入要查看流量的用户端口： " bport
		bash /usr/local/SSR-Bash/ssadmin.sh show $bport
	fi

	if [[ $bchoice == 2 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh show
	fi
	
	if [[ $bchoice == 3 ]];then
		read -p "请输入要修改流量限制的用户端口： " climitport
		read -p "请输入新的流量限制： " climit
		bash /usr/local/SSR-Bash/ssadmin.sh clim $climitport $climit
		echo "端口为 $climitport 的用户的流量限制已改为 $climit"
	fi
	
	if [[ $bchoice == 4 ]];then
		read -p "请输入对所有用户的新的流量限制： " climitforallusers
		bash /usr/local/SSR-Bash/ssadmin.sh change_all_limit $climitforallusers
		echo "所有用户的流量限制已改为 $climitforallusers"
	fi
	
	if [[ $bchoice == 5 ]];then
		read -p "请输入要清零已用流量的用户端口： " zeroport
		bash /usr/local/SSR-Bash/ssadmin.sh rused $zeroport
		echo "端口号为 $zeroport 的用户已用流量已清零"
	fi
	
	if [[ $bchoice == 6 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh reset_all_used
		echo '所有用户已用流量已清零！'
	fi
	
	if [[ $bchoice == 7 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh lrules
	fi	
	
	if [[ $bchoice == 8 ]];then
		echo "本脚本会限制本VPS发送邮件和BT下载等相关功能。无法撤回！"
		echo "脚本来源：https://doub.io/wlzy-14/"
		echo ''
		read -p "确认按任意键继续，否则请退出！" btspamconfirm
		wget -4qO- softs.pw/Bash/Get_Out_Spam.sh|bash
	fi	
fi

if [[ $choice == 4 ]];then
	upgradechoice
	while :; do echo
		read -p "请选择： " upgradeselect
		if [[ ! $upgradeselect =~ ^[1-5]$ ]]; then
			echo "${CWARNING}输入错误! 请输入正确的数字!${CEND}"
		else
			break
		fi
	done

	if [[ $upgradeselect == 1 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh stop >> /dev/null 2>&1
		rm -rf /tmp/ssusers
		mv /usr/local/SSR-Bash/ssusers /tmp/
		rm -rf /usr/local/bin/ssr
		rm -rf /usr/local/SSR-Bash
		cd /usr/local
		git clone https://github.com/FunctionClub/SSR-Bash
		mv /usr/local/SSR-Bash/ssr /usr/local/bin/
		chmod +x /usr/local/bin/ssr
		mv /tmp/ssusers /usr/local/SSR-Bash/
		bash /usr/local/SSR-Bash/ssadmin.sh start >> /dev/null 2>&1
		echo 'SSR-Bash升级成功！请检查新的加密方式，协议和混淆！'
	fi 
	
	if [[ $upgradeselect == 2 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh stop >> /dev/null 2>&1
		cd /usr/local
		rm -rf shadowsocks
		git clone https://github.com/shadowsocksr/shadowsocksr
		mv shadowsocksr shadowsocks
		bash /usr/local/SSR-Bash/ssadmin.sh start >> /dev/null 2>&1
		echo 'ShadowsocksR主程序升级成功！已启动！'
	fi
	
	if [[ $upgradeselect == 3 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh stop >> /dev/null 2>&1
		echo '本操作不适合新手使用，数据会清空！'
		read -p "输入更新到分支：(默认请填写master) " upgradeadd
		rm -rf /usr/local/bin/ssr
		cd /usr/local
		rm -rf SSR-Bash
		git clone -b $upgradeadd https://github.com/FunctionClub/SSR-Bash
		wget -N --no-check-certificate -O /usr/local/bin/ssr https://raw.githubusercontent.com/FunctionClub/SSR-Bash/$upgradeadd/ssr
		chmod +x /usr/local/bin/ssr
	fi
	
	
	if [[ $upgradeselect == 4 ]];then
		bash /usr/local/SSR-Bash/ssadmin.sh stop >> /dev/null 2>&1
		rm -rf /root/ssusers
		cp /usr/local/SSR-Bash/ssusers /root/ssusers
		bash /usr/local/SSR-Bash/ssadmin.sh start >> /dev/null 2>&1
		echo '用户数据已备份至 /root/ssusers'
	fi
	
	if [[ $upgradeselect == 5 ]];then
		read -p "请确保备份数据在 /root/ssusers ，按任意键继续，否则请退出！" confirm
		bash /usr/local/SSR-Bash/ssadmin.sh stop >> /dev/null 2>&1
		rm -rf /usr/local/SSR-Bash/ssusers
		cp /root/ssusers /usr/local/SSR-Bash/
		bash /usr/local/SSR-Bash/ssadmin.sh start >> /dev/null 2>&1
	fi
	
fi

